Vulnerabilities > CVE-2020-13661 - Unspecified vulnerability in Telerik Fiddler 5.0.20202.18177
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://www.nagenrauft-consulting.com/blog/
- https://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v5.0.20204
- https://www.telerik.com/support/whats-new/release-history
- https://www.nagenrauft-consulting.com/blog/
- https://www.telerik.com/support/whats-new/release-history
- https://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v5.0.20204